Armenian Knowledge Base  

Go Back   Armenian Knowledge Base > Technical sections > Software > Software Security
Register

Reply
 
LinkBack Thread Tools
Old 07.03.2002, 20:50   #1
Консервативн
 
VX's Avatar
 
Join Date: 01 2002
Location: Кавказская Албания
Posts: 889
Downloads: 0
Uploads: 0
Reputation: 0 | 0
Angry Apache Mod_SSL/Apache-SSL Buffer Overflow Vulnerability

http://online.securityfocus.com/cgi-...ussion&id=4189


Mod_SSL and Apache-SSL are implementations of SSL (Secure Socket Layer) for the Apache webserver.

A buffer overflow vulnerability exists in mod_ssl and Apache-SSL that may allow for attackers to execute arbitrary code. The overflow exists when the modules attempt to cache SSL sessions. Vulnerable versions of mod_ssl and Apache-SSL are incapable of handling large session representations.

To exploit this vulnerability, the attacker must somehow increase the size of the data representing the session. This may be accomplished through the use of an extremely large client certificate. This is only possible if verification of client certificates is enabled, and if the certificate is verified by a CA trusted by the webserver. Though these requirements make this vulnerability theoretical, administrators are still urged to upgrade.
__________________
Праздник к нам приходит...

|^^^^^^^^^'''^\| ||\__
| ВОДКА-ВОДКА | ||','''|'''''''\_____,_
| _..... _ | ||_ _|'__|_____||.........| |
'(@)'(@)'(@)''''''''''''''''''''''*|(@)""""|(@)*
Reply With Quote
Reply

Thread Tools


На правах рекламы:
реклама

All times are GMT. The time now is 11:41.


Powered by vBulletin® Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.